Apple emerged as a guardian of user privacy this year after fighting FBI demands to help crack into San Bernardino shooter Syed Rizwan Farook’s iPhone. The company has gone to great lengths to secure customer data in recent years, by implementing better encryption for all phones and refusing to undermine that encryption.

But private information still escapes from Apple products under some circumstances. The latest involves the company’s online syncing service iCloud.

Russian digital forensics firm Elcomsoft has found that Apple’s mobile devices automatically send a user’s call history to the company’s servers if iCloud is enabled — but the data gets uploaded in many instances without user choice or notification.

“You only need to have iCloud itself enabled” for the data to be sent, said Vladimir Katalov, CEO of Elcomsoft.

The logs surreptitiously uploaded to Apple contain a list of all calls made and received on an iOS device, complete with phone numbers, dates and times, and duration. They also include missed and bypassed calls. Elcomsoft said Apple retains the data in a user’s iCloud account for up to four months, providing a boon to law enforcement who may not be able to obtain the data either from the user’s phone, if it’s encrypted with an unbreakable passcode, or from the carrier. Although large carriers in the U.S. retain call logs for a year or more, this may not be the case with carrier outside the US.

It’s not just regular call logs that get sent to Apple’s servers. FaceTime, which is used to make audio and video calls on iOS devices, also syncs call history to iCloud automatically, according to Elcomsoft. The company believes syncing of both regular calls and FaceTime call logs goes back to at least iOS 8.2, which Apple released in March 2015.

And beginning with Apple’s latest operating system, iOS 10, incoming missed calls that are made through third-party VoIP applications like Skype, WhatsApp, and Viber, and that use Apple CallKit to make the calls, also get logged to the cloud, Katalov said.

Because Apple possesses the keys to unlock iCloud accounts, U.S. law enforcement agencies can obtain direct access to the logs with a court order. But they still need a tool to extract and parse it.

Elcomsoft said it’s releasing an update to its Phone Breaker software tool today that can be used to extract the call histories from iCloud accounts, using the account holder’s credentials. Elcomsoft’s forensic tools are used by law enforcement, corporate security departments, and even consumers. The company also leases some of its extraction code to Cellebrite, the Israeli firm the FBI regularly uses to get into seized phones and iCloud data.

In some cases, Elcomsoft’s tool can help customers access iCloud even without account credentials, if they can obtain an authentication token for the account from the account holder’s computer, allowing them to get iCloud data without Apple’s help. The use of authentication tokens also bypasses two-factor authentication if the account holder has set this up to prevent a hacker from getting into their account, Elcomsoft notes on its website.

Apple’s collection of call logs potentially puts sensitive information at the disposal of people other than law enforcement and other Elcomsoft customers. Anyone else who might be able to obtain the user’s iCloud credentials, like hackers, could potentially get at it too. In 2014, more than 100 celebrities fell victim to a phishing attack that allowed a hacker to obtain their iCloud credentials and steal nude photos of them from their iCloud accounts. The perpetrator reportedly used Elcomsoft’s software to harvest the celebrity photos once the accounts were unlocked.

Generally, if someone were to attempt to download data in an iCloud account, the system would email a notification to the account owner. But Katalov said no notification occurs when someone downloads synced call logs from iCloud.

Apple acknowledged that the call logs are being synced and said it’s intentional.

“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple spokesperson said in an email. “Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”

The syncing of iCloud call logs would not be the first time Apple has been found collecting data secretly. A few months ago, The Intercept reported about similar activity occurring with iMessage logs.

Chris Soghoian, chief technologist for the American Civil Liberties Union, said he’s not surprised that Apple is collecting the information.

“It’s arguably not even the worst thing about iCloud,” he told The Intercept. “The fact that iCloud backs up what would otherwise be end-to-end encrypted iMessages is far worse in my mind. There are other ways the government can obtain [call logs]. But without the backup of iMessages, there may be no other way for them to get those messages.”

Still, he said it’s further proof that “iCloud really is the Achilles heel of the privacy of the iPhone platform. The two biggest privacy problems associated with iCloud don’t have check boxes [for users to opt out], nor do they require that you opt in either.”

Jonathan Zdziarski, an iOS forensics expert and security researcher, said he doesn’t think Apple is doing anything nefarious in syncing the call logs. But he said that Apple needs to be clear to users that the data is being collected and stored in the cloud.

Authorized and Unauthorized iCloud Collection

iCloud is Apple’s cloud service that allows users to sync data across multiple Apple devices, including iPhones, iPads, iPods, and Macs. The iPhone menu corresponding to the service gives users the option of syncing mail, contacts, calendars, reminders, browser history, and notes and wallet data. But even though call logs are automatically getting synced as well, the menu does not list them among the items users can choose to sync. Because there’s no way to opt in to sync call logs, there is also no way to opt out — other than turning off iCloud completely, but this can cause other issues, like preventing apps from storing documents and data (such as WhatsApp backups) in the cloud.

“You can only disable uploading/syncing notes, contacts, calendars, and web history, but the calls are always there,” Katalov said. One way call logs will disappear from the cloud is if a user deletes a particular call record from the log on their device; then it will also get deleted from their iCloud account during the next automatic synchronization.

Katalov said they’re still researching the issue but it appears that in some cases the call logs sync almost instantly to iCloud, while other times it happens only after a few hours.

In addition to syncing data among their devices, users can also configure their iCloud account to automatically back up and store their data. Katalov said that call logs get sent to the cloud with these backups as well, but this is separate from the trafficking his company discovered: Even if users disable the backups, their call logs will still get synced to Apple’s servers.

“I would suggest Apple to add a simple option to disable call log syncing, as they do that for calendars and other things,” Katalov told The Intercept, though he acknowledges this would likely take some re-architecting on Apple’s part. Nonetheless, he says, “They should allow people to disable that if they want to.”

Even as Apple has increased the security of its mobile devices in recent years, the company has been moving more and more data to the cloud, where it is less protected. Although iCloud data is encrypted on Apple’s server, Apple retains the encryption keys in almost every instance and can therefore unlock the accounts and access data for its own purposes or for law enforcement.

“All of your [iCloud] data is encrypted with keys that are controlled by Apple, but the average user isn’t going to understand that,” Zdziarski said. “You and I are well aware that Apple can read any of your iCloud data when they want to.”

Apple discusses the privacy implications of iCloud collection on its website and does say that implementing backups will send to iCloud “nearly all data and settings stored on your device.” A 63-page white paper on the site discloses more clearly that call logs get uploaded to Apple servers when iCloud backups are enabled. But neither document mentions that the logs still get uploaded even if backups aren’t enabled.

Even in an online document about handling legal requests from law enforcement, Apple never mentions that call logs are available through iCloud. It says that it possesses subscriber information that customers provide, including name, physical address, email address, and telephone number. It also says it retains IP connection logs (for up to 30 days), email metadata (for up to 60 days), and content that the user chooses to upload, such as photos, email, documents, contacts, calendars, and bookmarks. The law enforcement document also says that Apple’s servers have iOS device backups, which may include photos and videos in the user’s camera roll, device settings, application data, iMessages, SMS and MMS messages, and voicemail.

The only time it mentions call logs is to say that iCloud stores call histories associated with FaceTime, but it says it maintains only FaceTime call invitation logs, which indicate when a subscriber has sent an invitation to someone to participate in a FaceTime call. Apple says the logs “do not indicate that any communication between users actually took place.” It also says it only retains these logs for “up to 30 days.”

But Elcomsoft said this is not true. Katalov said the FaceTime logs contain full information about the call, including the identification of both parties to the call and the call duration. He said his researchers also found that the FaceTime call logs were retained for as long as four months.

Early Clues From Frustrated Apple Customers

Some users are aware that their call logs are being synced to Apple’s servers, because a byproduct of the automatic syncing means that if they have the same Apple ID as someone with a different device — for example, spouses who have different phones but use the same Apple ID — they will see calls from one device getting synced automatically to the device of the other person who is using the same ID.

“It’s very irritating,” one user complained in a forum about the issue. “My wife and I both have iPhones, we are both on the same apple ID. When she gets a call my phone doesn’t ring but when she misses that call my phone shows a missed call icon on the phone app and when I go to the phone app it’s pretty clearly someone who wasn’t calling my phone. Any way to fix this so it stops?”

Another user expressed frustration at not knowing how to stop the syncing. “I use my phone for business and we have noticed in the last few days that all of the calls I make and receive are appearing in my wife’s iPhone recent call history? I have hunted high and low in settings on both phones but with no joy.”

There’s no indication, however, that these customers realized the full implications of their logs being synced — that the same data is being sent to and stored on Apple’s servers for months.

Apple isn’t the only company syncing call logs to the cloud. Android phones do it as well, and Windows 10 mobile devices also sync call logs by default with other Windows 10 devices that use the same Microsoft account. Katalov said there are too many Android smartphone versions to test, but his company’s research indicates that call log syncing occurs only with Android 6.x and newer versions. As with Apple devices, the only way for a user to disable the call history syncing is to disable syncing completely.

“In ‘pure’ [stock versions of] Android such as one installed on Nexus and Pixel devices, there is no way to select categories to sync,” Katalov said. “For some reason, that is only able on some third-party Android versions running on Sony, HTC, Samsung, etc.” The company already produces a tool for harvesting call logs associated with Android devices.

There’s little that subscribers can do to prevent law enforcement from obtaining their iCloud call logs. But to protect against hackers who might obtain their Apple ID from doing the same, they can use two-factor authentication. But Zdziarski said there’s another solution.

“The takeaway really is don’t ever use iCloud. I won’t use it myself until I can be in control of the encryption keys,” he said.

Correction: Nov. 17, 2016An earlier version of this story quoted the director of a university computer forensics program, who is also a former FBI supervisory agent, stating that telecom providers generally only retain call logs for 30 or 60 days. It has been updated to clarify that U.S. providers retain such information for a year or more.

We depend on the support of readers like you to help keep our nonprofit newsroom strong and independent. Join Us

Related

Contact the author:

A research said that 38 percent of mobile professionals have never used a VPN. Now they have to use it, if they really want to stop these kinda tracking, Personally i would recommend PureVPN’s free iOS App

With the latest iOS 10 update, Apple is also listening to and transcribing you voice mail into text. No doubt they are keeping and analyzing these messages to further track users.

Using background music + conversational noise in languages with similar phonesmes will make automatic voice-to-text transcribing (then indexing, staging in corpora and storing for good) virtually impossible.

We humans are good at parsing out noise, machines aren’t. Also, as most as you can exploit intersubjectivity. Machines can only store what you say, how you say it.

… Apple retains the data in a user’s iCloud account for up to four months, providing a boon to law enforcement who may not be able to obtain the data either from the user’s phone, if it’s encrypted with an unbreakable passcode, or from the carrier. Although large carriers in the U.S. retain call logs for a year or more, this may not be the case with carrier outside the US.

Which gives the NSA plenty of time to transfer the data to their servers and doing so from one of their affiliated “five eye” programs, so, “technically” they are not the ones collecting domestic data …

In 2014, more than 100 celebrities fell victim to a phishing attack that allowed a hacker to obtain their iCloud credentials and steal nude photos of them from their iCloud accounts.

Now, who are the ones smarting out whom here?

Still, he said it’s further proof that “iCloud really is the Achilles heel of the privacy of the iPhone platform. The two biggest privacy problems associated with iCloud don’t have check boxes [for users to opt out], nor do they require that you opt in either.”

on the site discloses more clearly that call logs get uploaded to Apple servers when iCloud backups are enabled. But neither document mentions that the logs still get uploaded even if backups aren’t enabled.

Seriously? This is journalism? My god you guys must have absolutely nothing useful to write about. Why don’t you tell us about how Google and Facebook, and yes Microsoft aggregate private information, or for that matter any company you “sign in” to use. Frankly if you are not prepared to share this kind of info DO NOT PLUG IN YOUR **ukin device to the web or use any apps again EVER. Do you honestly think it was any different prior to the cloud or servers? Telecom companies also shared info with authorities with a warrant since day one so sorry this writing isn’t worth the virtual paper it is written on. In fact, this article is essentially complete, absolute rubbish that gives a Russian “security” (actually a hacking) company a reason to exist. How pathetic. What all this boils down to is justifying hacking into Apples infrastructure and sharing so called “secrets” that are actually pretty simple common sense any reasonable person using the internet or connected devices should already know. Not to mention I would be willing to bet Apple doesn’t care what these clowns think, and the gist of all of this is already outlined in the terms of use that all users cheerfully agree to each time they update or activate any device, (apple or otherwise) usually without reading any part of.
Bottom line here: don’t throw stones in glass houses. In my opinion, with all the choices out there, none are more committed to your privacy than is apple. This comes from decades of personal experience with the company on a large scale business level. If the law compels Apple to share info because your a criminal, and has a warrant to do so, too bad for you. You gave up your right to privacy being a criminal so suck it up. In the mean time, don’t confuse the intent of a useful user experience with the intent to use your private information to up-sell, misdirect, mislead or otherwise hinder ANY of your day to day life and reasonable expectation to privacy. With a company like Apple that is scritized each time they wipe their buts, I highly doubt we wouldn’t have heard about it if our information was being mismanaged. smh. Click bait of the worst kind.

The moral of the story is not to avoid iCloud. The moral of the story is that all this high tech crap, phones, computers, the whole damn shooting match, is completely crooked. The people who make it are crooked (see the China backdoor post by Sillyputty below). The people who operate it are crooked – they suffer no penalty if they outright lie to you, and they get around it by saying that every minute of every day you might twiddle and tweak a thousand settings nobody ever heard of to maybe make your data private, unless somebody pays a company in Israel. The science itself is crooked, designed by people looking for intelligence dollars not by people looking to build private systems.

The cud-chewers out there who say “you have no privacy, so what” at least have a realistic model of the world. They understand that every computer, every “smart” device, every toy drone, every piece of software is the government‘s computer, device, drone, or software, and they are not really allowed to look into it and see how it works even if they knew how. What privacy advocate can claim a similar degree of realism in his prescriptions? Only the one who is not using this shit.

Me. I’m one. I chose not to ever own a cell phone for this very reason. I don’t care what they (Apple) says, …………and this might be weird………….they have billions of dollars in Ireland and other countries and suddenly they are looking at bringing all of that money home w/only a 15% tax.

What Apple did was illegal and yet they and others have never suffered any consequences for their actions.

Well this is how you could look at who you called and when on your other iDevices (same for iMessage). This isn’t being secretive, this has been part of the user experience for a long time. Its called convenience. I like getting a new iPhone, and seeing my existing iMessages and phone calls in place and just continuing from there. It isn’t secure – but not having it is a pain (going to a new phone and you loose all that history).

Now someone who is at risk would want iCloud off, but they should have already turned it off previously.

Wow… This is as bad as the press during and after the presidential election. This isn’t news. What is so secret about it. If an iPhone user has ever restored from a iCloud backup they saw that their call logs were restored. If you are so worried about this kind of thing, you might need to go back to a flip phone. Or at least delete your call logs on a regular basis. This is NOT news. Poor journalism is what it is. Hopefully the author did wrote this report for free, otherwise it cost too much.

“All of your [iCloud] data is encrypted with keys that are controlled by Apple, but the average user isn’t going to understand that,” Zdziarski said. “You and I are well aware that Apple can read any of your iCloud data when they want to.”

Maybe someone should defect from Apple … or Microsoft … or Google … or my ISP … or … oh hell, so what if the NSA does the same thing the rest of these fucking capitalist institutions do.

Let’s ask Russia to tell us about DNC emails.

What could go wrong with that?

Apparently there’s no institution on earth devoted to the public interests … except maybe Wikipedia.

But ask any of them and they’re send up a flack to explain how they only want what’s best for you.

FYI. Not saying anything one way or the other, but providing necessary technical context:

“For the first time, we have extensive details on iCloud security. For security professionals like myself, this is like waking up and finding a pot of gold sitting on my keyboard. Along with some of the most impressive security I’ve ever seen, Apple has provided a way to make it impossible for agencies like the NSA to obtain your iCloud Keychain passwords.”

what is the point here? “secretly,” really? have you ever bought a new phone and talked to your phone provider or an Apple Store Genius, who is happy to tell you that your new phone will transfer over your call history from the old phone, which most customers actually want? Is your point that most people are so daft that they think that just happens by magic? There is no story here.

So…this is different from call records via landline & cellular providers? Any of you taken a look at your phone bill in a while?? Those have been accessible to law enforcement with no encryption for many decades. And iCloud is encrypted. What’s the controversy?

I am studying cyber security at a west coast school. Sadly this is yet another example of just how little privacy is preserved in today’s Internet and cloud connected communications infrastructure. Thank you for publicizing this vulnerability to personal privacy.

Amen. What’s all these haters and Creepos on here for. If they don’t like what they read they can easily subscribe to something else. They are spending their time and energy attacking innocent ppl. who work hard and care about Human rights. Instead why not do something positive in the world. Instead of being Verbally and otherwise Abusive to ppl who are True americans and concerned for citizens safety.

You have to be pretty daft to think that your ISP or mobile provider isn’t storing data on you. How do you think Facebook targets their ads on your wall? Or why you suddenly start getting emails about items you search for or talk about? Yeah…there is no privacy. If you think there is, well, see my first sentence.

The Dummos need to jump on this, stat! The Rooskies are interfering again with our perception of exceptionalism. How dare they report on the sleazy dealings about an American icon! No, not Hillary this time, but Apple, the sacred corporation begun by Saint Jobs, which enables us to feel smugly special by paying way too much for a brand name. This must stop! Call out Seal Team Six to crash a copter in Moscow and come out with guns blazing!

I really don’t see a problem here. Apple has to do it, if you want your resent call list on you device when you restore from iCould. The iCloud Backup is turned on it backs up everything. Do not use Same iCloud ID on your wife’s phone and yours. You can still share iTunes account and not iCloud.

I don’t like any of this, but doesn’t the NSA collect all this anyway? I was under the impression that they had more than just metadata, but also content. If so, that would seem to be the primary worry. Not to excuse Apple by any means. But it seem detail on the NSA would make for a more complete story.

One more ‘gotcha’ discovery about mobile phone security, which of course depends fundamentally on the proper design and implementation of the OS and applications (Android, IOS, etc). These are very complex pieces of software, with many interacting modules, and unless performance is specified and proven mathematically, we’ll always be hearing of new issues like this. There’s very little example of complete specification in modern OS’s, much less formal proof of correctness.

Well, that’s the baseline that tech journalists seem to revert to between articles. That it’s up to Apple or Google or Nokia to make their phones secure, and that bugs like this mean they’re not doing that. Having foisted responsibility for security onto the manufacturer, virtually all concerned consumers settle with what they have, perhaps contributing a half-hearted effort to make sure the OS security settings are “right”.

But ask these amnesiac reporters “What about the baseband processor?” and many will reply, “Oh yes, that.” Indeed, that. Because I lied in the first paragraph; security does not depend fundamentally on the phone OS.

The baseband processor is what controls the radio in your phone. Modern phones talk digitally using complex protocols; those protocols are implemented in the baseband processor. Because modern cell phone OS’s aren’t true real-time operating systems, the baseband processor also controls the microphone, speaker, and camera. It’s got a hardware implementation of the data compression and processing for all ‘dumb phone’ features.

This processor also has access to the processor running the OS, and all components attached to it — memory, flash storage, etc. Its access is unrestricted. It is easy to speculate that the rogue code in the implementation of the baseband processor could interact with the OS CPU via ‘hypervisor mode’, which would give control of Ring0 ‘supervisor’ mode. Supervisor mode (which controls ‘user’ mode) is where OS security is implemented.

“Rogue code”? How could that be present in a hardware processor? Well, the application-specific circuits in these processors are actually layed out by a software tool, from descriptions that look quite similar to software code. Code could be inserted during manufacturing, and the required circuitry to implement a pattern of interaction would be generated automatically. But the really neat thing that can be put in modern chips is “FPGA fabric”, which is a type of circuit pattern similar to a RAM circuit — it’s repeated in big arrays and measured in bits and bytes and it can be accessed. On FPGA fabric, which is like a dynamically configurable circuit, one can implement virtual processors, on which can be run a very real OS, talking directly to the radio and running dynamically-loaded programs in some FPGA fabric allocated as RAM.

I assume that the manufacturer of the baseband processor ensures the security of their design and fabrication processes, so this is just an example of the kind of thing that is possible, that the OS companies can’t do a damn thing about. They are inherently unable to guarantee the security of their products, they don’t even have visibility into how/when it might be compromised. A hypervisor-mode program could easily watch the OS for (for example) a digital signature check of a downloaded update, and “pause” the supervisor, swap a flag from “signature bad” to “signature good”, and resume the OS like nothing had happened. Except the OS just allowed an unsigned update, that it downloaded over the radio, to be accepted. No crypto fanciness or interaction with the OS or phone hardware manufacturers required.

Given this multi-level disempowerment, being worried about OS or OS-service (iCloud) security is irrelevant. Even if those were known to be well secured (which they can’t be, and still be commercially feasible to develop), there’s still no way to be sure what your phone is actually doing, and it’s quite capable of completely hiding it’s tracks from you and the OS.

Good research by the security firm.
Sadly, this article seems to be optimized for maximum click generation. Call logs stored by apple for a couple of months don’t matter. The carrier stores the call logs and have been doing that (for decades)? duh…

I don’t get how this is a new discovery. iDevices that have been syncing with iCloud have had their call logs sync for a long time now, so OF COURSE that is being stored in the cloud. This is not news just because someone noticed the dead obvious fact that police/FBI could get access to it.

Having relatives who lived through REAL wars,NEVER store any info on anything not under you hands. This includes never putting creditcard bank info on pads or phones.
Suck up the convenience, tedium may save your life.
And yes, paper is edible!

Sounds like some more liberal alarmist tripe. This is the longest story I have ever read online and I think the subject is important enough so I read every word. It was a waste of time. We have enough to worry about without wasting time on liberal false flag issues.

Using any current cloud services if you care about security is kind of like James Bond keeping his beyond-top-secret documents in a public library, in a filing cabinet with his name on it, and claiming that it’s OK because there’s a lock on the filing cabinet.

Russia, communist? No, no, they closed their overseas bases, downsized and went democratic back in Gorbachev’s day. They’re Exceptional too, just like us. Some say they’ve surpassed us in attending to the voice of the people. They’ve already put billionaires in jail. We’ve yet to do that.